Bug #5351
Closed: Sanitize user input, even if restricted by html
Start date: 10/28/2015
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.3
Affected Architecture: All
Description
The following XSS can be eliminated by checking if the input is a number, but I think there are more attacks possible.
Go to the dashboard and open the trafficgraph-settings. Change the input type from number to text for the refresh-interval element and put some xss content inside, e.g.
"><script>alert("XSS")</script>
and voila, there you have it.
I think there are tons of XSS attacks possible. The problem is that these settings are shared via user accounts, so an "unprivileged" user can change those settings and attack an admin, for example.
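Added example, not part of the original report and not the project's own code: a server-side check that does not rely on the browser's type="number", plus output encoding when the stored value is rendered back into the page. The field name refreshinterval, the bounds, and all function names are assumptions made for illustration.

```python
import html
import re

# Assumed bounds for the refresh interval in seconds (hypothetical values).
MIN_INTERVAL = 1
MAX_INTERVAL = 3600

_DIGITS = re.compile(r"[0-9]{1,6}")  # ASCII digits only, bounded length


class InvalidSetting(ValueError):
    """Raised when a submitted setting fails server-side validation."""


def parse_refresh_interval(raw):
    """Validate the submitted value on the server, ignoring whatever
    type="number" promised in the browser."""
    if not isinstance(raw, str) or not _DIGITS.fullmatch(raw.strip()):
        raise InvalidSetting("refresh interval must be a whole number")
    value = int(raw.strip())
    if not MIN_INTERVAL <= value <= MAX_INTERVAL:
        raise InvalidSetting("refresh interval out of range")
    return value


def render_interval_input(stored):
    """Render the stored value into an attribute, encoding it even though
    it was validated, so a value stored before the fix stays inert."""
    safe = html.escape(str(stored), quote=True)
    return '<input type="number" name="refreshinterval" value="%s">' % safe


def save_setting(store, raw):
    """Store only the validated integer; return (ok, message)."""
    try:
        store["refreshinterval"] = parse_refresh_interval(raw)
    except InvalidSetting as exc:
        return False, str(exc)
    return True, "saved"


if __name__ == "__main__":
    settings = {}
    submitted = '"><script>alert("XSS")</script>'  # value from the report
    print(save_setting(settings, submitted))
    print(save_setting(settings, "10"))
    print(render_interval_input(settings["refreshinterval"]))
    print(render_interval_input(submitted))  # legacy value: rendered inert
```

Validation alone covers this one numeric field; the encoding step in render_interval_input is what generalizes to the other shared settings the report is worried about.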